Friday, January 27, 2012

Use OpenSSH for more effective security

Experienced Linux administrators know SSH (the Secure Shell protocol) as one of the most convenient and most useful tools in their software toolbox.

With several terminal windows open under X Windows on a workstation, or with the screen utility, an administrator of Linux servers or of servers running other UNIX-based operating systems can easily manage several systems at the same time. Administrative shell or Perl scripts can use SSH to perform simple tasks on multiple servers automatically and securely. SSH works much like the remote shell utility rsh, but it adds strong encryption and compression, and most modern SSH implementations ship SFTP and SCP in the same package for secure file transfer over the network.

The most popular and most common SSH implementation is OpenSSH, a project conceived and maintained by the OpenBSD community. OpenSSH has been ported to every operating system platform, including Microsoft Windows, although it is most widely used as server and client on UNIX-based systems, including Linux, Solaris and OpenBSD.

SSH functions

SSH uses strong encryption to protect the data in a remote session from malicious attackers. It provides end-to-end protection from the very beginning of the session: from the client's first contact with the host, session keys are exchanged before the user name and password pass between the computers. It can use several different ciphers: AES, 3DES, Blowfish and others. A trusted-host identification scheme and key exchange between systems improve security further, but OpenSSH does not require a security certificate or a prior key exchange to create a secure, encrypted remote session.

In addition, SSH can relieve certain kinds of network congestion and noticeably speed up the network, because it compresses data before transmitting it. SFTP provides encrypted, interactive file transfer similar to FTP, so that even the user name and password are not exposed on the network.

For file transfers, SCP similarly provides a secure and convenient method: an encrypted file copy command that operates over a network connection and is part of the SSH implementation. SSH is known as a network protocol for encrypted communication. It was developed to replace the rsh utility, which offers similar functionality but not enough security. SSH not only inherits the functions of rsh but extends them, particularly with regard to security.

Installing OpenSSH on Linux

Installing OpenSSH on Linux is easy. For example, on a Debian GNU/Linux system, log in as the root user and enter the command:

    apt-get install ssh

Similarly, on a Fedora Core Linux system, log in as the root user and enter the command:

    yum install openssh-server openssh-clients

You may not even need to do this, because the default installations of Debian and Fedora Core already include OpenSSH. To find out whether OpenSSH is already installed on a Linux system, just enter the command ssh. If OpenSSH is installed, it prints brief usage information (Listing A):

Listing A

    $ ssh
    usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
               [-D port] [-e escape_char] [-F configfile] [-i identity_file]
               [-L [bind_address:]port:host:hostport] [-l login_name]
               [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
               [-R [bind_address:]port:host:hostport] [-S ctl_path]
               [user@]hostname [command]

The OpenSSH manual has more complete usage information. It takes the form of traditional UNIX manual pages; enter the command man ssh at the command line to read it. The manual page documents the OpenSSH client's command-line options, the associated configuration files, known bugs in the current version, and the shell environment variables that affect its operation.

The manual page also lists related manual pages: those for sshd, for ssh-agent, and for the other applications in the OpenSSH tool set.

Configuring and using the client on Linux

To reach an OpenSSH server on another system from the command line with the OpenSSH client, you only need to enter the command ssh host, where "host" is the host name of the target system. Sometimes the host name cannot be resolved to an IP address, because no DNS serves that system and it is not listed in the local system's /etc/hosts file. In that case you must specify the target system's IP address instead of its host name. For example, this command connects to the system with the given IP address:

    ssh 192.168.0.1

More SSH commands follow. SSH normally uses port 22. If the SSH server listens on a nonstandard port, use a command like the following, where the port number is 1234:

    ssh -p 1234 host

Unless you specify a user name, ssh tries to log in to the remote system with the same user name you have on the local system. You can use a command option to specify a different user name. The general form is as follows, where "user" is the user name:

    ssh -l user host

A more common way to specify the user name is this format:

    ssh user@host

With SSH you can execute a command on the target system without opening an interactive shell. In the following example, "command" stands for the command you want to run:

    ssh host command

You can also set the working directory on the target by changing directory as part of the remote command. The following example uses /home/user as the working directory:

    ssh host 'cd /home/user && command'

These options can be combined into more complex invocations:

    ssh -p 1234 user@host 'cd /home/user && command'
    ssh -l user host command

The OpenSSH configuration files are located in /etc/ssh. The main configuration file for the OpenSSH client is /etc/ssh/ssh_config; in most distributions it contains enough information to tell you how to use it.

On distributions with an extensive manual system, such as Debian, the command man ssh_config gives you ample information about configuring the OpenSSH client. For security purposes, a common and important configuration option is ForwardX11. It should be set to "no" to keep the SSH client from automatically forwarding X Window System traffic over the network, even on SSH connections where X is not being used. With this setting in place, you can still forward X traffic for a specific SSH connection by using the -X command-line option. Other options in /etc/ssh/ssh_config can be set to comply with your security policy and to serve specific security needs.

SSH clients for Windows

Many SSH client programs exist for Microsoft Windows. Some are proprietary commercial applications, some are freeware or shareware, and some, like OpenSSH, are open source software. There are command-line clients, some of which are installed as part of a UNIX-like shell, but the most commonly used today are graphical SSH programs. Among them, WinSCP provides SCP and SFTP, and PuTTY provides the SSH shell. Having read how OpenSSH is used on Linux, you should find the WinSCP and PuTTY user interfaces and their configuration easy to understand. There is also an actual port of OpenSSH to Microsoft Windows, called OpenSSH for Windows.

Configuring and using the server on Linux

The OpenSSH server generally runs on a Linux system. On a Debian GNU/Linux system it can be restarted with the command:

    /etc/init.d/ssh restart

To start or stop it, just replace "restart" with "start" or "stop". Fedora Core Linux systems use the same command format, but you need to replace "ssh" in /etc/init.d/ssh with "sshd".

Like the OpenSSH client, the OpenSSH server is configured through a file, /etc/ssh/sshd_config. Its format is very similar to that of /etc/ssh/ssh_config, but it has many different options.

Configuration details can be viewed by entering the command man sshd_config. Typically the IgnoreRhosts and UsePrivilegeSeparation options are set to "yes", while the PermitRootLogin and PermitEmptyPasswords options are set to "no". As with the OpenSSH client, the risk of carrying X Window System traffic over SSH is very low, but if it is not needed it should be disabled on any system. For that reason you will typically set X11Forwarding to "no". On Linux distributions, which are usually maintained by quite security-conscious people, these configuration options should already be set properly. Generally, the options to check should include PermitRootLogin and X11Forwarding.

Using OpenSSH

OpenSSH has further capabilities. For example, other network protocols can be "tunneled" over the SSH protocol for added security, something this article only hints at. The ssh-agent tool can simplify managing and using the OpenSSH client. There are also unrelated tools that include SSH tunneling support, for example the Subversion version control system. The possibilities are endless, and it is not possible to cover them all.

New Linux users who work with more than one computer may not immediately see the value of SSH. They are used to Microsoft Windows, whose interface is well optimized up to a point but does not lend itself to remote administration. Even for server management and remote technical support, remote management tools such as Windows Remote Desktop and Terminal Services for Windows are of very limited effectiveness, and Windows does not encourage working directly over a network. By contrast, a Linux user can run everyday programs on one computer and, after a simple installation, reach those programs from another through SSH. Many Linux administrators sit at one computer and work on several others that are not in the same place, for e-mail, writing, programming and more than just one or two network applications. The more familiar you become with what SSH can do, the more uses you find for it, and the more you come to rely on it.

Linux users coming from Windows, however, may not immediately feel how much SSH can improve productivity. Configuring and using OpenSSH is worth learning: even if you do not see the benefit right away, in time you will not be able to do without it.

Original link: http://www.zdnet.com.cn/developer/code/story/0,3800066897,39524195-2,00.htm
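
The sshd_config settings recommended in the server section above can be checked mechanically. The following Python code is an added example, not part of the original article or of OpenSSH; it reports each recommended keyword as ok, unset or mismatched, following sshd's rule that the first value read for a keyword is the one used. The function names, the RECOMMENDED table and the sample configuration are constructed for illustration.

```python
import re

# Settings recommended in the server section above (keywords lower-cased).
RECOMMENDED = {"ignorerhosts": "yes", "useprivilegeseparation": "yes",
               "permitrootlogin": "no", "permitemptypasswords": "no",
               "x11forwarding": "no"}

def parse_global(text):
    """Return {keyword: value} for the global section of sshd_config text."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or by "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":                # Match blocks are conditional
            break
        value = parts[1].strip('"') if len(parts) > 1 else ""
        seen.setdefault(key, value)       # sshd keeps the first value it reads
    return seen

def audit(text, policy=RECOMMENDED):
    """Map each policy keyword to 'ok', 'unset' or 'MISMATCH (<value>)'."""
    seen, report = parse_global(text), {}
    for key, want in policy.items():
        got = seen.get(key)
        if got is None:
            report[key] = "unset"         # sshd's built-in default applies
        else:
            report[key] = "ok" if got == want else "MISMATCH (%s)" % got
    return report

# Constructed sample for illustration, not taken from a real host.
SAMPLE = """\
# constructed sshd_config
PermitRootLogin yes
# The next line has no effect: the first PermitRootLogin already won.
permitrootlogin no
X11Forwarding=no
PermitEmptyPasswords no
Match User backup
    X11Forwarding yes
"""

if __name__ == "__main__":
    for keyword, status in audit(SAMPLE).items():
        print("%-24s %s" % (keyword, status))
```

On a live host, sshd -T prints the effective configuration, defaults included, in the same keyword-value form, so its output can be passed to audit() to resolve the "unset" entries.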
